Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

'tried removing about:blank but can't...+hijackthis log


  • Please log in to reply
6 replies to this topic

#1 Dahabibi

Dahabibi

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:02:21 AM

Posted 13 April 2005 - 09:50 AM

Okay, here's the deal. I've been infected with the lovely About:Blank. Since yesterday, I believe. It's F-ing up my whole computer.

It changed my start page (as about:blank does) and I can't change it back, and also I get gazillions of popups telling me I have spyware. (Noooooo! ya think???)

ALSO: I cannot restart in Safe mode... can about:blank be causing this? It used to work before!

I've tried formatting too, but that won't work either. Again, did about:blank cause this?

I tried removing it with the step by step instructions provided by this forum, but alas, no dice. I can't use any online virus scans, nor can I remove certain files that need to be removed. (I know about:blank is causing this)
-----------
ETA: What happens when I follow the instructions:

Step 1-8: OK
Step 9: Item found in RunServiceOnce: C:\Windows000\Win3S6.swp dllGetClassObject
Step 10-13: OK
Step 14: Can't find file 'Win3S6.swp', but do have a 'Win386.swp'. Cannot remove this.
Step 15-17: OK
Step 18: Can't run either of the online virusscans provided, I suspect About:Blank won't let me.
19-21: OK, but still have About:Blank.
-------------

I've scanned with SpybotS&D, SpySubstractPro and AdAware, they can locate the spyware but can't delete it (it freezes and nothing happens).

I'm using WinME, by the way, is there anything else you need to know?

Finally, I ran & saved a logfile with Hijackthis, but I have no idea what to do with it. Help?



Logfile of HijackThis v1.99.1
Scan saved at 4:34:45 PM, on 4/13/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 (5.50.4134.0100)

Running processes:
C:\WINDOWS.000\SYSTEM\KERNEL32.DLL
C:\WINDOWS.000\SYSTEM\MSGSRV32.EXE
C:\WINDOWS.000\SYSTEM\mmtask.tsk
C:\WINDOWS.000\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\NORTON UTILITIES\NPROTECT.EXE
C:\WINDOWS.000\EXPLORER.EXE
C:\WINDOWS.000\TASKMON.EXE
C:\WINDOWS.000\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS.000\SYSTEM\WMIEXE.EXE
C:\WINDOWS.000\LOADQM.EXE
C:\WINDOWS.000\RUNDLL32.EXE
C:\PROGRAM FILES\MSN APPS\UPDATER\01.02.3000.1001\NL\MSNAPPAU.EXE
C:\PROGRAM FILES\INTERMUTE\SPYSUBTRACT\SPYSUB.EXE
C:\WINDOWS.000\SYSTEM\PSTORES.EXE
C:\WINDOWS.000\SYSTEM\STIMON.EXE
C:\WINDOWS.000\SYSTEM\DDHELP.EXE
C:\WINDOWS.000\TEMP\ICD2.TMP\JINSTALL.EXE
C:\WINDOWS.000\TEMP\JINSTALLER142.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS.000\TEMP\se.dll/spage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS.000\TEMP\se.dll/spage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by @Home
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:8080
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.4000.1001\NL\MSNTB.DLL
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\PROGRAM FILES\MSN APPS\ST\01.02.3000.1002\EN-XU\STMAIN.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {432084E7-F327-422C-9E1B-1818FC03986D} - C:\WINDOWS.000\SYSTEM\GEKO.DLL
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.4000.1001\NL\MSNTB.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS.000\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS.000\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS.000\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS.000\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\nl\msnappau.exe"
O4 - HKLM\..\Run: [NPROTECT] C:\Program Files\Norton Utilities\NPROTECT.EXE
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [sp] rundll32 C:\WINDOWS.000\TEMP\SE.DLL,DllInstall
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [NPROTECT] C:\Program Files\Norton Utilities\NPROTECT.EXE
O4 - Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O18 - Filter: text/html - {99502575-F8D8-485F-A260-E78AA8CED926} - C:\WINDOWS.000\SYSTEM\GEKO.DLL
O18 - Filter: text/plain - {99502575-F8D8-485F-A260-E78AA8CED926} - C:\WINDOWS.000\SYSTEM\GEKO.DLL

Edited by Dahabibi, 13 April 2005 - 10:24 AM.


BC AdBot (Login to Remove)

 


#2 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,590 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:03:21 AM

Posted 13 April 2005 - 11:10 PM

Please go to this page:

http://www.derbilk.de/404.html

Download the appropriate file for your operating system.

Run the program and then post the resulting log along with a new hijackthis log.

#3 Dahabibi

Dahabibi
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:02:21 AM

Posted 14 April 2005 - 12:51 PM

Thank you for your response!

Here is my SpSHjfix Log:


(4/14/05 7:35:14 PM) SPSeHjFix started v1.09
(4/14/05 7:35:14 PM) OS: WinME (4.90.73010104)
(4/14/05 7:35:14 PM) Language: english
(4/14/05 7:35:20 PM) Disinfect started
(4/14/05 7:35:20 PM) Bad-Dll(IEP): (not found)
(4/14/05 7:35:20 PM) Bad-Dll(IEP) in BHO: (not found)
(4/14/05 7:35:20 PM) Searchassistant Uninstaller found: regsvr32 /s /u C:\WINDOWS.000\SYSTEM\NNOM.DLL
(4/14/05 7:35:20 PM) Searchassistant Uninstaller - Keys Deleted
(4/14/05 7:35:20 PM) UBF: 4
(4/14/05 7:35:20 PM) UBB: 2
(4/14/05 7:35:20 PM) UBR: 16
(4/14/05 7:35:20 PM) Run-Key: HKLM\Software\Microsoft\Windows\CurrentVersion\Run\sp=rundll32 C:\WINDOWS.000\TEMP\SE.DLL,DllInstall (deleted)
(4/14/05 7:35:20 PM) Bad IE-pages:
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, Search Page: about:blank
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, Start Page: about:blank
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, HomeOldSP: about:blank
deleted: HKCU\Software\Microsoft\Internet Explorer\Search, SearchAssistant: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Search Page: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Start Page: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, HomeOldSP: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Search, SearchAssistant: about:blank
(4/14/05 7:35:20 PM) Stealth-String found: C:\WINDOWS.000
(4/14/05 7:35:20 PM) File added to delete: c:\windows.000\system\nnom.dll
(4/14/05 7:35:20 PM) File added to delete: c:\windows.000\temp\se.dll
(4/14/05 7:35:20 PM) File added to delete: c:\windows.000
(4/14/05 7:35:20 PM) Reboot
(4/14/05 7:44:50 PM) SPSeHjFix 2nd Step
(4/14/05 7:44:50 PM) RunServicesOnce-Key: (alex)
(4/14/05 7:44:59 PM) Cleaned

-----------------------------------------------

And my new Hijackthis Log:


Logfile of HijackThis v1.99.1
Scan saved at 7:47:13 PM, on 4/14/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS.000\SYSTEM\KERNEL32.DLL
C:\WINDOWS.000\SYSTEM\MSGSRV32.EXE
C:\WINDOWS.000\SYSTEM\mmtask.tsk
C:\WINDOWS.000\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\NORTON UTILITIES\NPROTECT.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\RTVSCN95.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\DEFWATCH.EXE
C:\WINDOWS.000\EXPLORER.EXE
C:\WINDOWS.000\TASKMON.EXE
C:\WINDOWS.000\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS.000\LOADQM.EXE
C:\PROGRAM FILES\MSN APPS\UPDATER\01.02.3000.1001\NL\MSNAPPAU.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\VPTRAY.EXE
C:\WINDOWS.000\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\INTERMUTE\SPYSUBTRACT\SPYSUB.EXE
C:\WINDOWS.000\SYSTEM\PSTORES.EXE
C:\WINDOWS.000\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by @Home
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:8080
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.4000.1001\NL\MSNTB.DLL
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\PROGRAM FILES\MSN APPS\ST\01.02.3000.1002\EN-XU\STMAIN.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.4000.1001\NL\MSNTB.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS.000\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS.000\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS.000\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS.000\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\nl\msnappau.exe"
O4 - HKLM\..\Run: [NPROTECT] C:\Program Files\Norton Utilities\NPROTECT.EXE
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [vptray] C:\Program Files\Norton AntiVirus\vptray.exe
O4 - HKLM\..\Run: [sp] rundll32 C:\WINDOWS.000\TEMP\SE.DLL,DllInstall
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [NPROTECT] C:\Program Files\Norton Utilities\NPROTECT.EXE
O4 - HKLM\..\RunServices: [rtvscn95] C:\Program Files\Norton AntiVirus\rtvscn95.exe
O4 - HKLM\..\RunServices: [defwatch] C:\Program Files\Norton AntiVirus\defwatch.exe
O4 - Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS.000\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS.000\web\related.htm
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab

-----------------------------
Now, at startup, I get an error message:

Error Loading C:\Windows000\Temp\se.dll
The system cannot find the file specified


And now IE doesn't work...
(Luckily I have 2 computers...)

Edited by Dahabibi, 14 April 2005 - 12:56 PM.


#4 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,590 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:03:21 AM

Posted 14 April 2005 - 02:37 PM

Print out these instructions and then close all windows including Internet Explorer.

Then I want you to fix some of those entries. Please do the following:

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Run Hijackthis again, click scan, and Put a checkmark next to each of these. Then click the Fix button:


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O4 - HKLM\..\Run: [sp] rundll32 C:\WINDOWS.000\TEMP\SE.DLL,DllInstall

Reboot your computer into Safe Mode

Then delete these files or directories (Do not be concerned if they do not exist)

C:\WINDOWS.000\TEMP\SE.DLL

Reboot your computer to go back to normal mode and post a new log.

Open Internet Explorer. When it is open click on Tools and then Internet Options. Then click on the Connections tab and then press the Lan Settings button. Do you have it set to use a proxy server?

#5 Dahabibi

Dahabibi
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:02:21 AM

Posted 14 April 2005 - 03:31 PM

After fixing the 4 files in HijackThis, IE is now working again, but I still have the about:blank start page...

new HijackThis Log:

Logfile of HijackThis v1.99.1
Scan saved at 10:26:43 PM, on 4/14/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS.000\SYSTEM\KERNEL32.DLL
C:\WINDOWS.000\SYSTEM\MSGSRV32.EXE
C:\WINDOWS.000\SYSTEM\mmtask.tsk
C:\WINDOWS.000\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\NORTON UTILITIES\NPROTECT.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\RTVSCN95.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\DEFWATCH.EXE
C:\WINDOWS.000\EXPLORER.EXE
C:\WINDOWS.000\TASKMON.EXE
C:\WINDOWS.000\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS.000\LOADQM.EXE
C:\PROGRAM FILES\MSN APPS\UPDATER\01.02.3000.1001\NL\MSNAPPAU.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\VPTRAY.EXE
C:\PROGRAM FILES\INTERMUTE\SPYSUBTRACT\SPYSUB.EXE
C:\WINDOWS.000\SYSTEM\WMIEXE.EXE
C:\WINDOWS.000\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\WINDOWS.000\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by @Home
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:8080
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.4000.1001\NL\MSNTB.DLL
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\PROGRAM FILES\MSN APPS\ST\01.02.3000.1002\EN-XU\STMAIN.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.4000.1001\NL\MSNTB.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS.000\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS.000\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS.000\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS.000\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\nl\msnappau.exe"
O4 - HKLM\..\Run: [NPROTECT] C:\Program Files\Norton Utilities\NPROTECT.EXE
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [vptray] C:\Program Files\Norton AntiVirus\vptray.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [NPROTECT] C:\Program Files\Norton Utilities\NPROTECT.EXE
O4 - HKLM\..\RunServices: [rtvscn95] C:\Program Files\Norton AntiVirus\rtvscn95.exe
O4 - HKLM\..\RunServices: [defwatch] C:\Program Files\Norton AntiVirus\defwatch.exe
O4 - Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
O4 - Startup: Doorgaan met Windows Update-installatie.lnk = C:\WINDOWS.000\Windows Update Setup-bestanden\ie6setup.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS.000\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS.000\web\related.htm
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab

#6 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,590 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:03:21 AM

Posted 14 April 2005 - 05:31 PM

Your log is clean! Great job!

Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and reenable system restore to make sure there are no infected files found in a restore point.

You can find instructions on how to enable and reenable system restore here:

Managing Windows Millenium System Restore

or

Windows XP System Restore Guide

Renable system restore with instructions from tutorial above


Next,

This process will clean out your Temp files and your Temporary Internet Files. Please do both steps:

Step 1:Delete Temp Files
To clean out your temp files, click on Start and then run, and type %temp% and press the ok button.

This should open up the temp directory that your machine uses. Please delete all files that are found there. If you get an error when deleting a file, skip that file and delete all the others. If you had trouble deleting a file, reboot into Safe Mode and follow this step again. You should now be able to delete all the files.

Step 2: Delete Temporary Internet Files
Now I want you to open up Internet Explorer, and click on the Tools menu and then Internet Options. At the General tab, which should be the first tab you are currently on, click on the Delete Files button and put a checkmark in Delete offline content. Then press the OK button. This may take quite a while, so do not be alarmed with how long it takes. When it is done, your Temporary Internet Files will now be deleted.

Finally, and definitely the MOST IMPORTANT step, click on the following tutorial and follow each step listed there:

Simple and easy ways to keep your computer safe and secure on the Internet


Glad I was able to help.

#7 Dahabibi

Dahabibi
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:02:21 AM

Posted 15 April 2005 - 06:42 AM

Thank you so much for your help, my computer seems to be okay now.... for now :thumbsup: I'm good at creating problems... that's what I get for fiddling with this thing too much. I still have problems with starting up in safe mode, though, but obviously that has another reason.... *heads to appropriate section of forum*

Thanks!




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users